PT-2021-20261 · SAP · Internet Communication Manager, SAP Web Dispatcher

Published: 2021-07-14 · Updated: 2023-09-28 · CVE-2021-33683

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP Web Dispatcher and Internet Communication Manager (ICM) versions 7.21 through 7.83
Description: The vulnerability is caused by incorrect handling of invalid HTTP headers, specifically the Transfer-Encoding header, and can be used for an HTTP Request Smuggling attack (CWE-444, HTTP Request/Response Smuggling). Smuggling works because two HTTP components disagree about where one request ends and the next begins: if an intermediary such as a web application firewall and the affected ICM or Web Dispatcher split the same byte stream into different requests, an attacker can get a request past the WAF and divert sensitive data such as other users' requests and session credentials. The CVSS vector reflects that the attacker needs only low-privileged network access (PR:L) and no user interaction; confidentiality and integrity are affected, availability is not.
Recommendations: For SAP Web Dispatcher and Internet Communication Manager (ICM) versions 7.21 through 7.83, apply the fix SAP provides for the affected release, i.e. update to a version that handles invalid HTTP headers correctly and rejects malformed Transfer-Encoding values instead of interpreting them. Until the fix is applied, restrict network access to the affected components to trusted sources and, as a general mitigation for this weakness class, configure any front-end proxy or WAF to reject rather than forward requests that carry both Content-Length and Transfer-Encoding, or a Transfer-Encoding value other than the standard token. These measures reduce the exposure but do not replace the update.
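The parsing disagreement described above, as an added example that is not SAP code and does not model the ICM parser itself: two HTTP request parsers are run over the same constructed byte stream, one treating only the exact token chunked as chunked and one accepting any Transfer-Encoding value that contains the word. The invalid value xchunked, the hostnames and the paths are assumptions for illustration; the advisory does not state which malformed header value the affected versions accepted. A small pre-proxy check is included that flags the header combinations a WAF should reject before forwarding.

```python
"""Added example for the weakness class behind CVE-2021-33683 (HTTP request
smuggling via a malformed Transfer-Encoding header).  Not SAP code.

Two parsers with different Transfer-Encoding policies split the same bytes
into a different number of requests; the bytes the tolerant parser treats as
a second request never passed through the strict front end's request checks.
"""
from typing import Callable

# Constructed body (not a real capture): a zero-size chunk that terminates the
# chunked message at once, followed by bytes that a chunked-aware parser will
# read as the start of a second request.  Paths and host are placeholders.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: app.example\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED

# "xchunked" is an assumed non-standard value chosen for illustration.  A
# front end that does not recognise it falls back to Content-Length, which
# covers the whole body; a tolerant back end dechunks and stops after "0".
RAW = (
    b"POST / HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"Transfer-Encoding: xchunked\r\n"
    b"\r\n" + BODY
)


def strict_te(value: str) -> bool:
    """Only the exact token 'chunked' means chunked."""
    return value.lower() == "chunked"


def lenient_te(value: str) -> bool:
    """A tolerant parser that accepts any value containing 'chunked'."""
    return "chunked" in value.lower()


def _read_chunked(raw: bytes, pos: int) -> tuple[bytes, int]:
    """Decode a chunked body starting at pos; return (body, position after it)."""
    body = b""
    while True:
        line_end = raw.index(b"\r\n", pos)
        size = int(raw[pos:line_end].split(b";")[0], 16)  # drop chunk extensions
        pos = line_end + 2
        if size == 0:
            # Skip any trailer fields up to the blank line that ends the message.
            while raw[pos:pos + 2] != b"\r\n":
                pos = raw.index(b"\r\n", pos) + 2
            return body, pos + 2
        body += raw[pos:pos + size]
        pos += size + 2  # chunk data is followed by CRLF


def parse_stream(raw: bytes, te_means_chunked: Callable[[str], bool]) -> list[dict]:
    """Split a byte stream into requests the way a server with the given
    Transfer-Encoding policy would.  When the header is absent or not
    recognised as chunked, the body length comes from Content-Length (or 0)."""
    requests = []
    pos = 0
    while pos < len(raw):
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end < 0:
            break  # incomplete head; a real server would wait for more bytes
        request_line, *header_lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        method, target, _version = request_line.split(" ", 2)
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        pos = head_end + 4
        te = headers.get("transfer-encoding")
        if te is not None and te_means_chunked(te):
            body, pos = _read_chunked(raw, pos)
        else:
            length = int(headers.get("content-length", "0"))
            body, pos = raw[pos:pos + length], pos + length
        requests.append({"method": method, "target": target, "body": body})
    return requests


def smuggling_indicators(raw: bytes) -> list[str]:
    """Flag header combinations on the first request in raw that let two
    parsers disagree about the message boundary; a front-end proxy or WAF
    should reject such requests instead of forwarding them."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    names, values = [], {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        names.append(key)
        values.setdefault(key, []).append(value.strip())
    findings = []
    if "content-length" in values and "transfer-encoding" in values:
        findings.append("both Content-Length and Transfer-Encoding present")
    for te in values.get("transfer-encoding", []):
        if not strict_te(te):
            findings.append(f"non-standard Transfer-Encoding value: {te!r}")
    for name in set(names):
        if names.count(name) > 1:
            findings.append(f"duplicate header: {name}")
    return sorted(findings)


if __name__ == "__main__":
    for label, policy in (("strict", strict_te), ("lenient", lenient_te)):
        seen = [(r["method"], r["target"], len(r["body"])) for r in parse_stream(RAW, policy)]
        print(f"{label:8} parser sees {len(seen)} request(s): {seen}")
    print("indicators:", smuggling_indicators(RAW))
```

The strict policy here still falls back to Content-Length when it does not recognise the Transfer-Encoding value; that fallback is what makes the desync possible, and the safer behaviour for a front end is to reject the request outright, which is what smuggling_indicators supports. Both parsers are models of the weakness class, not of any SAP component.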

Weakness Enumeration

HTTP Request/Response Smuggling (CWE-444)

Related Identifiers

CVE-2021-33683

Affected Products

Internet Communication Manager
SAP Web Dispatcher